CVE-2022-22265

CVE	CVE-2022-22265
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-01-10 14:12:00 UTC
Updated	2023-06-27 19:03:00 UTC
Description	An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

EPSS: 0.001830000 probability, percentile 0.399260000 (date 2026-04-01)

CISA KEV: Listed on 2023-09-18; due 2023-10-09; ransomware use Unknown

Problem Types: NVD-CWE-Other

Vendor	Samsung
Product	Mobile Devices
Name	Samsung Mobile Devices Use-After-Free Vulnerability
Required Action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes	https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1; https://nvd.nist.gov/vuln/detail/CVE-2022-22265

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Google	Android	10.0	All	All	All
Operating System	Google	Android	11.0	All	All	All
Operating System	Google	Android	12.0	All	All	All
Operating System	Google	Android	9.0	All	All	All
Hardware	Samsung	Exynos	-	All	All	All

Reference	Source	Link	Tags
Samsung Mobile Security	MISC	security.samsungmobile.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.